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REMARKS 

Upon entry of the forgoing amendments, claims 2-9, 13-20, 24-31, and 36-43 are pending 
in this application with claims 2, 13, 24, and 36 being independent claims. No claim is allowed. 

Claims 2, 13, 24, 36, and 39 have been amended to further particularly point out and 
distinctly claim subject matter regarded as the invention. Claims 36 and 39 have been amended 
to improve antecedent basis. The text of claims 3-9, 14-20, 25-31, 37, 38, and 40-43 is 
unchanged, but their meaning is changed because they depend from amended claims. 
The 35 U.S.C. 102 & 103 Rejections 

Claims 2, 5, 13, 16, 24, and 27 stand rejected under 35 U.S.C. § 102(e) as being allegedly 
anticipated hy Lin et al (US 6,751,668 Bl). Claims 3, 4, 6, 14, 15, 17-20, 25, 26, and 29-31 
stand rejected under 35 U.S.C. § 103(a) as being allegedly unpatentable over Lin in view of 
Primeaux et al (US 6,334,121 Bl). Claims 36-43 stand rejected under 35 U.S.C. § 103(a) as 
being allegedly unpatentable over Lin in view of Primeaux and further in view of Prabandham et 
al (US 6,701,438 Bl). These rejections are respectfully traversed. 

Generally, the Office Action states that Lin discloses or suggests all or most of the claim 
elements and limitations and that the other two references disclose or suggest the rest. However, 
the rejection is technically incorrect. The technical confusion is created by Lin who uses non- 
standard language in the prior art description and claims. 

Lin starts column 2 of the Detailed Description as follows: 

FIG. 1 illustrates an aspect of the invention in a broad form. Referring to FIG. 1, a source 
102 initiates a session establishment request (e.g., a TCP SYN packet; a new UDP or 
ICMP packet) to a target 104. A connection is attempted to be established at a port 112 
of the target 104. The arrow 1 10 represents a SYN/ACK acknowledgement by the target 
104. A filter 106 operates to selectively block session establishment packets 108 from 
being provided to the target 104. (emphasis added) 
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In this passage, Lin appears to be equating the phrase "session establishment request" with a TCP 
SYN (synchronize) packet. However, the proper language is to establish "connections" and not 
sessions. According to the Internet protocol, the procedure to establish connections utilizes the 
synchronize (SYN) control flag and involves an exchange of three messages. This exchange has 
been termed a three-way handshake. This procedure normally is initiated by one TCP and 
responded to by another TCP. The connection becomes "established" when sequence numbers 
have been synchronized in both directions. Since the terms SYN segment and connections are 
more technically accurate, they will be used exclusively in the following discussion. 

In a Denial-of-Service attack as envisioned by Lin, the attacker launches an immense 
volume of bogus SYNs to bog the target TCP down by attempting to engage the target TCP in 
numerous connection establishment exchanges. Even if the connections are not fully established 
or not maintained for long, the target TCP can be overwhelmed by the sheer volume of traffic. 
Lin effectively discloses on column 2, line 57 that the action of the filter 106 of FIG. 1 is to 
ignore the initial SYN of the three-way handshake. In the embodiment of FIG. 3, Lin discloses 
that rather than deny all connections, a certain number may still be established even at times 
when the target TCP is probably under attack. At times when the target TCP is not under attack, 
connections may be made freely. Consequently, the approach of Lin is to monitor SYN 
segments to determine when a DoS attack is occurring and to respond by either completely or 
selectively ignoring such SYNs. At least one drawback of the Lin approach is that it overlooks 
the potential damage that an existing connection may cause. This connection may have been 
established before the DoS attack was scheduled to launch or may be one of Lin's selectively 
allowed connections that is imprudently established during the attack. Indeed, Lin and the 
present invention can work hand-in-hand. 
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By contrast, in the DoS attack as addressed by the present claims and not by Lin, the 
attacker is a "connected" "subscriber" who uses a sufficient number of GETs or POSTs to bog 
the target TCP down by sheer volume of traffic. The claims go beyond the issue of establishing 
a connection. The subscriber has been authorized to make a connection and the connection has 
been made. What the connected subscriber has not yet been "authorized" to do is exceed the 
"maximum HTTP request frequency." Rather than establish one and only one maximum 
frequency, the claims allow each connected subscriber to have their own. The maximums may 
all be the same or they may not thus allowing preferential treatment to select subscribers. The 
"profile" is used to differentiate one subscriber from another. Since Lin fails to consider GETs, 
POSTs, or connected subscribers, the reference can not be said to anticipate the current claims. 
Further, without Lin the other cited references fail to render the current claims obvious. 

With regard to the Examiner's Note on page 13 of the Office Action, the Applicant 
respectfully counters that the Office is obligated to provide a complete prosecution history for 
appropriate review. If a rejection lacks sufficient logical or technical support, then the burden of 
the Applicant is met by merely pointing this out. The Applicant will not endeavor to speculate 
on ways to reform the rejection. If the Applicant were to respond only to the Applicant's 
formulation of the rejection and not to the rejection as written, then they risk having their 
arguments deemed non-responsive. 

In view of the above, it is respectfully asserted that the claims are now in condition for 
allowance. 
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Request for Allowance 

In view of the foregoing, reconsideration and an early allowance of this application are 
earnestly solicited. 

If any matters remain which could be resolved in a telephone interview between the 
Examiner and the undersigned, the Examiner is invited to call the undersigned to expedite 
resolution of any such matters. Please charge any additional required fee or credit any 
overpayment not otherwise paid or credited to our deposit account No. 50-1698. 



Thelen, Reid, & Priest LLP 
P.O. Box 640640 
San Jose, CA 95164-0640 
Tel. (408) 292-5800 
Fax (408) 287-8040 



Respectfully submitted, 
THELEN, REID, & PRIEST LLP 



Dated: May 





David R. Ritchie 
Reg. No. 31,562 
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